Features and/or functionality of cloud services may have compliance, security, and/or privacy impacts (e.g., a feature that synchronizes customer data to a social network may mean that data leaves the service provider's privacy scope and may be under the social network's privacy scope). The compliance, security, and privacy implications of such features may be complex and customer organizations may have someone (a compliance officer) whose job it is to understand these impacts to their business. Even if a feature can be disabled by a customer, the person who makes that decision is typically a system administrator, who may not understand the compliance, security, privacy impacts. This may lead to a situation where the system administrator turns on a feature which increases compliance risk without the compliance officer being aware, either because the compliance officer does not understand what risk the feature might pose, or because the system administrator acts without consulting the compliance officer.